Cyber Weekly: Supply chains under siege
If you run a small or medium business and you've been treating cybersecurity as a big company problem, this week should change your mind. We had a Fortinet credential leak exposing 74,000+ devices, a WordPress plugin supply chain attack backdooring paying customers, a critical Splunk bug being exploited in the wild, and a Salesforce OAuth breach that started with one vendor's old password. The common thread? None of these required sophisticated, nation-state-level attacks. They required a forgotten admin account, an auto-update you trusted, and an exposed VPN. Here's what happened, what it means, and what to do about it.
Read more